Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/7qa40nir5wFq2isGcTz2sDzsh0E.roa
File:                     7qa40nir5wFq2isGcTz2sDzsh0E.roa (raw, json)
Hash identifier:          P1yq7a1eR7Cp2asOxbQ/DVqg+NZ3IgYJdW9DNRFrZbc=
Subject key identifier:   EE:A6:B8:D2:78:AB:E7:01:6A:DA:2B:06:71:3C:F6:B0:3C:EC:87:41
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       0197973774D00CCDF0D405D18714A05120C5
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/7qa40nir5wFq2isGcTz2sDzsh0E.roa
Signing time:             Sun 22 Jun 2025 10:38:03 +0000
ROA not before:           Sun 22 Jun 2025 10:38:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211484
IP address blocks:        213.109.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:97:37:74:d0:0c:cd:f0:d4:05:d1:87:14:a0:51:20:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jun 22 10:38:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eea6b8d278abe7016ada2b06713cf6b03cec8741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4a:cd:93:05:d2:2d:0c:e6:d3:64:d0:18:90:
                    07:ec:f6:99:a3:74:ae:fc:32:87:11:6d:4a:a8:eb:
                    5d:82:b1:b5:fb:5f:8c:88:20:89:94:d1:2a:ca:e7:
                    c2:91:2f:c0:1d:42:c9:cf:9a:1e:46:94:8a:36:65:
                    67:35:9b:f3:6e:90:c3:12:14:4f:11:9c:36:73:e0:
                    15:48:11:f2:8a:4c:49:50:a0:3a:ee:09:61:9f:a3:
                    48:58:c0:0d:41:39:a1:fc:6a:4c:e5:9b:11:2a:31:
                    63:10:78:c8:95:a5:83:89:78:36:80:bd:9d:55:e7:
                    7d:75:76:70:ce:e0:e2:23:ab:22:48:d3:18:c4:9d:
                    cd:56:a0:0c:07:96:8a:27:97:6b:b9:74:32:2f:79:
                    2b:0d:fe:b0:f1:26:0a:66:29:27:11:33:b3:23:c2:
                    e5:9e:9b:42:48:6c:75:15:f1:c0:75:e0:45:ac:84:
                    fa:14:4c:ac:18:2c:09:fb:08:6c:c9:37:7e:3c:dd:
                    9b:b9:db:31:57:da:13:43:92:42:a0:ac:6f:5c:75:
                    b1:d2:54:b8:a8:a1:6d:18:90:b9:89:cc:33:73:85:
                    9c:48:17:f2:03:68:57:b1:82:92:c3:aa:4d:e1:80:
                    a5:63:6b:68:e8:25:d8:e0:79:20:a4:cf:fd:b8:b0:
                    69:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:A6:B8:D2:78:AB:E7:01:6A:DA:2B:06:71:3C:F6:B0:3C:EC:87:41
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/7qa40nir5wFq2isGcTz2sDzsh0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:98:5c:56:bb:05:6b:14:09:7b:8d:b1:b9:24:69:fc:59:b3:
         8e:c3:a5:98:d3:6b:72:5d:64:0f:38:7c:74:76:9c:86:de:71:
         11:03:79:f4:b8:e4:98:e1:c1:1d:cb:06:64:91:44:7a:6e:a1:
         09:66:d5:97:a3:30:fb:f0:74:90:8d:15:c1:02:17:1e:b4:01:
         30:4c:e4:bd:08:06:3e:53:d9:09:d4:bb:b9:d0:dc:d5:40:e1:
         60:ca:4a:7b:83:32:a9:e1:dc:68:c2:4d:56:e0:a0:01:66:8e:
         25:a1:ed:cc:4a:63:2d:b0:bc:ff:36:ce:a3:27:61:14:3b:db:
         88:f2:e5:bf:c8:e0:53:96:ce:83:84:d6:3d:51:9b:dd:9c:e5:
         68:98:c0:52:e0:29:b9:12:48:86:9f:46:2b:d8:38:f6:e7:38:
         67:2b:e4:b1:ba:33:f0:ad:00:5a:0c:06:7b:9d:70:30:4c:e2:
         f7:ee:15:4e:2c:de:6a:5f:a9:27:77:9e:8a:77:92:24:ca:64:
         5e:d3:b0:21:d3:b2:3a:61:3e:c1:52:2f:b8:50:63:d8:d3:0e:
         cf:84:dd:69:6b:cd:90:3e:db:8e:c8:78:ad:89:60:cf:10:ec:
         db:e0:f7:56:1f:fb:d2:a4:e1:7c:66:8d:00:a0:0d:14:40:22:
         9c:cc:83:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeXN3TQDM3w1AXRhxSgUSDFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwNjIyMTAzODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWE2YjhkMjc4YWJlNzAxNmFkYTJiMDY3MTNjZjZiMDNjZWM4NzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUrNkwXSLQzm02TQGJAH7PaZo3Su
/DKHEW1KqOtdgrG1+1+MiCCJlNEqyufCkS/AHULJz5oeRpSKNmVnNZvzbpDDEhRP
EZw2c+AVSBHyikxJUKA67glhn6NIWMANQTmh/GpM5ZsRKjFjEHjIlaWDiXg2gL2d
Ved9dXZwzuDiI6siSNMYxJ3NVqAMB5aKJ5druXQyL3krDf6w8SYKZiknETOzI8Ll
nptCSGx1FfHAdeBFrIT6FEysGCwJ+whsyTd+PN2budsxV9oTQ5JCoKxvXHWx0lS4
qKFtGJC5icwzc4WcSBfyA2hXsYKSw6pN4YClY2to6CXY4HkgpM/9uLBpJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6muNJ4q+cBatorBnE89rA87IdBMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvN3FhNDBuaXI1d0ZxMmlzR2NUejJzRHpzaDBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1W2aMA0G
CSqGSIb3DQEBCwUAA4IBAQBFmFxWuwVrFAl7jbG5JGn8WbOOw6WY02tyXWQPOHx0
dpyG3nERA3n0uOSY4cEdywZkkUR6bqEJZtWXozD78HSQjRXBAhcetAEwTOS9CAY+
U9kJ1Lu50NzVQOFgykp7gzKp4dxowk1W4KABZo4loe3MSmMtsLz/Ns6jJ2EUO9uI
8uW/yOBTls6DhNY9UZvdnOVomMBS4Cm5EkiGn0Yr2Dj25zhnK+SxujPwrQBaDAZ7
nXAwTOL37hVOLN5qX6knd56Kd5IkymRe07Ah07I6YT7BUi+4UGPY0w7PhN1pa82Q
PtuOyHitiWDPEOzb4PdWH/vSpOF8Zo0AoA0UQCKczIMx
-----END CERTIFICATE-----